I'm currently working on desktop application which calls third party API. After authorizing against their "web service", a kind of user token is returned which should be stored locally (even if user closes application).
So I'm looking for solution to encrypt this token with user specific key. Does Windows (and .NET) provide some standard way for doing this? All I want is protect token from other users of same computer.
P.S. I can't store hash, as I need to decrypt this token at startup.
Yes, there are a number a built in functions for encryption in .NET, it all depends on exactly how you want to get it done.
Here is a good beginning article, that shows you some of the basic elements, classes, and methods of doing encryption in .NET
NOTE: all of the needed classes are in the System.Security.Cryptography namespace
at runtime, you can store the auth key in a SecureString ... to store it in between sessions you can use one of the symmetric encryption APIs in the .NET framework.
Yeah. Windows does provide it. Check out DPAPI which can be accessed by .NET Framework's System.Security.Cryptography.ProtectedData class (available since v2.0) to securely store sensitive information.